So I'm currently being hit with around 30kpps ddos. IP's are spoofed and source ports are randomized.
Code: Select all
12:27:41.963072 IP (tos 0x0, ttl 78, id 23131, offset 0, flags [none], proto UDP (17), length 53) 80.171.194.108.23239 > 74.91.116.247.27015: UDP, length 25
0x0000: 4500 0035 5a5b 0000 4e11 3ff3 50ab c26c E..5Z[..N.?.P..l
0x0010: 4a5b 74f7 5ac7 6987 0021 aa39 ffff ffff J[t.Z.i..!.9....
0x0020: 5453 6f75 7263 6520 456e 6769 6e65 2051 TSource.Engine.Q
0x0030: 7565 7279 00 uery.
I can't find a way to filter against it at all really, so any ideas would be appreciated.
I've tried serversecure2/DAF but both of them simply can't handle that amount of packets. I've also set max queries per sec global to 1 but it doesn't seem to help.